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AMENDMENT TO THE SPECIFICATION: 

Please replace paragraph (0029] with the following paragraph; 
[0029] An exemplary logical unit is depleted rn Figure 5. Each logical unit as we have 
defined it is described in detail below. 

Please replace paragraph [0030] with the following paragraph: 

[0030] The security client 10 provides security services to data, othenvise referred to as 
enhancing data, before/after transmission to/from a sen/er. The security client 10 can 
be deployed In software, hardware, and/or firmware. Preferably, security client 10 
comprises a logical unit programmed or constructed to perfomi server side security and 
authorization services. Alternatively, security client 10 may be realized by computer 
readable program code embodied in a computer usable medium such as a CD ROM, a 
memory, a USB memory device, a SONY Memory Stlck^, a disk, a smart card, a flash 
card, a cam'er wave, or other computer usable medium. For example, security client 10 
may be realized by software run on a workstation class machine or with a smartcard. 
Likewise a wireless PDA or cell phone might have the client loaded therein. The 
security client provides a combination of some or all of the following enhancement 
sen/ices: authentication, integrity, confidentiality and non-repudration. These sen/Ices 
are typically implemented but not limited to digital signature, Key exchange, encryption, 
e.g., 3DES (2 or 3 key), biometrics, signature verification, and decryption. These 
services are provided in an algorithm and mechanism independent feshion. Any 
mechanism can be used as long as both security client 10 and the cryptographic 
gateway 40 support it. For example, authentication may be performed using the RSA , 
DSA, or elliptic curve algorithms. Optionally, a user might be identified with a blometric 
like a fingerprint, iris scan, retinal scan, voloeprint, eta This feature allows the level of 
protection to be configured based on the sensitivity of the data transmitted. It is 
expected that new enhancement techniques will be developed in the future. Applteation 
of such techniques is contemplated by this invention. 

Please replace paragraph [0040] with the following paragraph: 
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[0040] More particularly, as illustrated in Figure 3A. 2 security client 10 Is 
preferably configured to accommodate a plurality of security clients 10. Each security 
client 10 may support one or more protocols, e.g., HTTP, SMTP, FTP, etc., preferably 
corresponding to a single outbound proxy. However, in alternate embodiments, the 
security client 10 may include more than one outgoing proxy. Data is enhanced by 
security client 10 and passed via the outbound proxy or proxies to cryptographic 
gateway 40. Cryptographic gateway 40 preferably includes at least a sufficient number 
of proxies to correspond to the outbound proxies of each security client 10, thereby 
enabling cryptographic gateway 40 to recognize data transmitted from each security 
client 10. Accordingly, when cryptographic gateway 40 recognizes the outbound proxy 
and recognizes the identity of the sender, i.e., authenticates the transmission, 
cryptographic gateway 40 removes enhancements from the data and passes the data 
on to application server 50. If cryptographic gateway 40 does not recognize the 
outbound proxy, the data is blocked from passing through cryptographic gateway 40 
and, thus, prevented from reaching application server 50. 

Please replace paragraph [0052] with the following paragraph: 

[0052] Certain application-specific information will be completely ignored by 
cryptographic gateway 40 while security client lOcould potentially add to this 
infomrialion. The format of the <tag>=<value> pairs in this section should support 
application-specific authorization checking, all functionality available in Web fonns. and 
maybe some additional features, such as images or other encoded binary data. 

Please replace paragraph [0060] with the following paragraph: 
[0060] For readability, the resources could be grouped by the application they 
apply to or some other grouping, but this is optional Order should not matter when 
checking authorizations. 
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